ROT Removal: Why Information Governance is Vital for Corporate eDiscovery

eDiscovery Information Governance

 

ROT Removal: Why Information Governance is Vital for Corporate eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Corporations create a huge amount of data each year, but there is no standard from company to company on how that data is managed. Some take a “keep-everything” approach, while others strive to retain only what’s necessary for operations and compliance.

But even with some records management policies in place, a significant percentage of an organizations’ data is ROT (Redundant, Obsolete, Trivial):

  • If your files are like those on my laptop, then you have a perfect example of redundant: there are multiple versions of the same document, along with various iterations throughout the revision of a document.
  • For obsolete, just think of announcements and reminders from previous events or webinars long past.
  • And finally, for trivial, we can turn to today’s eDiscovery Blues™ All joking aside, sports news updates and online shopping ads have become such a regular source of data, that some companies build templates and filters, which automatically remove them from searches.

Technology has definitely made it easier to move through large datasets, and cloud storage has made hanging on to all this data more affordable (at least in the short term). Add this to the traditional eDiscovery approach of putting off collecting data until well into the litigation cycle, and it’s easy to see why ROT can grow within a company.

But there is a reason why Information Governance is the first step in the eDiscovery Reference Model (EDRM). Keeping enterprise data managed and organized can make it easier when decisions must be made due to investigations, litigation, and other triggering events. It’s a middle ground between looking for a needle in a haystack and burning the haystack altogether, something like having a 3D map of only the hay that’s needed.

Before I take this metaphor beyond its breaking point, I’ll put it in more straightforward terms: instead of simply storing data, you store it in a meaningful way which anticipates future legal needs.

By doing this, along with game-changing technology like In-Place EDA — which allows legal and compliance teams to analyze data where it sits (before collection) — you can settle internal investigations quickly or use that data offensively to help win a dispositive motion or more favorable settlement before discovery demands are served. You also reduce the amount of data potentially sent to outside counsel and ALSPs for processing and review, which are the costliest stages in the eDiscovery process.

When data is tidy, it’s easier to search through when the stakes are high. Besides, you know you’re going to check the latest scores and do a little online shopping when your brain needs a distraction. No need to fill up your inbox with such rot.

Want to hear a full discussion on In-Place EDA?
Listen to this deep dive from Mike Quartararo from ACEDS, Frederic Bourget from NetGovern,
and Ryan Joyce and Jim Gill from Ipro!

Top 3 Challenges for Corporate Legal Teams

top corporate legal challenges

Top 3 Challenges for Corporate Legal Teams

A recent stat-filled infographic, General Counsel: From Lawyers to Strategic Partners (released with data from Wolters Kluwer), showed that only 14% of eDiscovery work was done internally by corporate legal teams, with the rest being outsourced to traditional or specialist law firms or to alternative legal services providers (ALSP). But more and more, as companies continue putting a focus on how legal teams can contribute more to business needs overall, pressure is falling on in-house eDiscovery teams to develop new processes along with an investment in technology.

But knowing where to begin can be a challenge all its own.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams:

  • Controlling Outside Legal Spend
  • Creating Operational Efficiencies
  • Mitigating Risk

Download the overview today! And stay tuned for the second installment next week!

Top 3 Challenges for Corporate Legal Teams

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to… Release ‘Em

Legal Hold Release

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to…Release ‘Em
Written by Doug Austin, Editor of eDiscovery Today

With all due respect to the late Kenny Rogers and his famous song The Gambler, maybe he would have written a completely different song if he was an eDiscovery professional.

Regardless, in eDiscovery circles, we talk a lot about best practices associated with implementing a legal hold in your organization and what you need to do to meet your preservation obligation, which (as you hopefully know) can begin well before the case is actually filed – it begins when there is a reasonable anticipation of litigation.

For example, if a current or former employee files a claim for discrimination with the Equal Employment Opportunity Commission (EEOC) regarding alleged discrimination by your organization against that employee, that’s probably a reasonable time to anticipate that allegation may eventually lead to litigation and act accordingly to implement a legal hold.

And, implementing legal holds includes the step of sending out hold notices to custodians with potentially responsive data, with explicit instructions regarding steps to preserve ESI, including suspension of any auto-delete mechanisms for email and other messaging platforms, including texts. As I discussed last week, that includes potentially responsive ESI contained on BYOD devices of the custodians.

By the way, people use the term “litigation hold” and “legal hold” interchangeably. I prefer the term “legal hold” as they can be used for non-litigation events as well – for example, regulatory audits – where it can be just as important to preserve ESI related to the audit as it can be to do so for litigation cases.

However, not too many people out there talk about best practices for releasing legal holds.  With so much data in organizations, it’s more important than ever to enforce retention and destruction policies to manage that data effectively, so releasing legal holds can be very important to an organization to reduce costs that might otherwise be required to keep that data indefinitely.

With that in mind, let’s discuss three opportunities for releasing custodians from a legal hold and two caveats to keep in mind before you release those custodians.

Opportunities to Release Custodians from a Legal Hold

You could have reasons to release custodians from legal holds through the case.  Here are three opportunities when you can consider releasing custodians from a legal hold:

  • When the Case Ends: When a case ends through dismissal, settlement or verdict, you can release the legal hold for the custodians related to that case. Obviously, right?  However, the ending of a case doesn’t necessarily mean that the ESI can be released as you’ll see in the first caveat below.
  • When the Custodian Isn’t Deemed Relevant After Analysis: It’s very common to start with a broad group of potential custodians at the beginning of a legal hold and then pare down as you can begin to learn more about what ESI they have and whether any of it is potentially relevant to the case or not. As you determine that particular individual custodians clearly don’t have data relevant to a given case (typically after a custodian questionnaire or interview process), then you can release them after that determination.  Just make sure you keep good documentation about that process and the rationale for those decisions in case you have to justify those decisions to opposing parties – or to the court.
  • When the Custodians Can be Released Due to Agreement or Court Ruling: One of the components to agree upon during the meet and confer is the scope of custodians and, hopefully, you can agree with opposing counsel on that scope, thus enabling you to release any custodians eliminated from that scope. If the parties can’t agree and the Court has to rule on scope, that becomes the milestone for determining for which custodians in question you can release legal holds and when.

Two Caveats for Releasing Legal Holds

While the three opportunities above are times when you can consider releasing custodians from legal holds, here are two caveats to consider:

  • ESI May Be Relevant to More Than One Case: It’s not uncommon for ESI to be relevant to more than one case. For example, in a series of product liability cases, correspondence regarding a company’s product quality assurance processes may be relevant to all of those cases.  The releasing of a custodian in one case doesn’t necessarily change the status of that potentially relevant ESI for other cases.  This is why legal holds need to be issued per case and tracked per case and instructions need to be clear to custodians as to their responsibilities to continue to preserve the ESI for cases that remain active.
  • Departed Custodians May Still Be Relevant: A custodian may leave your organization, but they still may possess relevant data. In those instances, it’s important that policies and procedures establish the organization’s rights and the custodian’s responsibilities to preserve that data.  This could include an organization’s rights to preserve and collect data from BYOD devices that the custodian used for work purposes.  Clear policies and procedures may ensure proper preservation of relevant ESI, or they may be your best defense if a custodian “goes rogue” and spoliates ESI once he/she departs from the organization.

Here’s a good example of a Release of Legal Hold Notice, courtesy of the Association of Corporate Counsel.

You’ve gotta know when to hold ‘em and, just importantly, know when to release ‘em.  Don’t “gamble” with your legal hold decisions, keep good documentation so you can justify your hold releases.  And, RIP, Kenny Rogers, we miss you.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

How to Get Flawless Productions Every Time: eDiscovery Production Checklist

eDiscovery Productions Checklist

How to Get Flawless Productions Every Time: eDiscovery Production Checklist

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

I’ve heard stories like this from attorneys and paralegals more than once: opposing counsel sends a large production of documents in a single PDF. I’ve even heard a version where the production was sent with all of the emails in one PDF, the email attachments in a second PDF, and none of the metadata was sent at all.

Obviously, the solution for managing something like this isn’t a wild conglomeration of monitors stacked up in the attempt to give reviewers a clear view of everything in that never-ending PDF (plus, as this week’s eDiscovery Blues™ comic reminds us, it’s a fire hazard).

So what can you do?

Rule 34 of the Federal Rules of Civil Procedure (FRCP) establishes the guidelines for producing Electronically Stored Information (ESI). It states that productions must be put into “a reasonably usable form,” and that the requesting party:

  • Must describe with reasonable particularity each item or category of items to be inspected;
  • Must specify a reasonable time, place, and manner for the inspection and for performing the related acts; and
  • May specify the form or forms in which electronically stored information is to be produced.

In other words, “To get what you want, you have to ask for it.”

Use this eDiscovery Production Checklist to ensure productions are better than “reasonably usable” every time.

eDiscovery Production Format Checklist:

(Sources: Ipro Training, Vorys Legal, EDRM)

⇒ Documents should be produced as black & white TIFF images at 300 dpi named with the unique Bates number for that page.

⇒ ESI that cannot render to useable TIFF images (e.g. Spreadsheets, Presentations, Video files, Audio files, etc.) should be produced in native format, named with a unique Bates number and corresponding Bates-numbered TIFF image placeholder.

⇒ Scanned paper documents should be produced with logical unitization (i.e. distinct documents should not be merged into a single record, and single documents should not be split into multiple records).

⇒ Extracted text for all non-redacted electronic files containing searchable text should be produced, and all non-searchable or redacted files should be OCR’d. Native files should contain the text of the document and not the OCR version of the TIFF image placeholder.

⇒ Produced documents, images, and placeholders should include sequential Bates numbering, with prefixes consistent throughout all documents.

⇒ Extracted metadata should be produced, including the following fields:

  • Beginning and Ending Bates Number
  • Beginning and Ending Attachment with Bates Number
  • Page Count
  • Custodian
  • To, From, CC, BCC, Subject
  • Sent and Received Time Stamp
  • Document Folder, File Name, Title, Extension, Author
  • Date/Time Created, Last Modified
  • MD5 Hash
  • Privilege Designation

⇒ For paper documents, produce the following objective coding fields:

  • Beginning Bates number
  • Ending Bates number
  • Beginning attachment Bates number
  • Ending attachment Bates number
  • Source/custodian

⇒ Work with your eDiscovery Technology Vendor to ensure the highest quality productions

 

To learn more about how Ipro can help your organization
read this case study featuring Lightspeed Legal:

“We’ve done hundreds of productions using Ipro & the level of quality to DOJ specifications is unparalleled.”
Rith Kem, Chief Strategy Officer at LightSpeed Legal

 

5 Considerations for Creating an Effective BYOD Policy

Creating an effective BYOD policy

5 Considerations for Creating an Effective BYOD Policy
Written by Doug Austin, Editor of eDiscovery Today

A couple of weeks ago, I discussed three cases here that illustrated the importance of having a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks.  Today, I’ll discuss best practices associated with BYOD policies and even provide a couple of links to sample BYOD policies that you can use as a starting point to develop your own organization’s BYOD policy or confirm that your existing policy “covers all of the bases” in protecting your organization.

The Stats Associated with BYOD

According to this report, 85 percent of organizations enable BYOD.  76 percent of them enable it at least for employees and those organizations and others also enable it for contractors, partners, customers and suppliers.  Organizations embrace BYOD because it increases employee mobility (74 percent of respondents), employee satisfaction (54 percent) and reduces costs (49 percent).

However, 51 percent of respondents stated that the volume of threats targeting mobile devices is increasing, following the rise of BYOD and mobile data access.  Also, 43 percent of respondents didn’t even know if devices accessing corporate data were infected with malware.  And, just a few years ago, as few as 39 percent of companies actually had a formal BYOD policy.  39 percent!  While that number has probably gone up, it illustrates just how much of a “wild west” the use of BYOD devices has been in many organizations.

5 Considerations for Creating an Effective BYOD Policy

If your organization doesn’t have a BYOD policy, because of the COVID-19 pandemic, there has never been a better time to implement one. Nonetheless, here are some of the considerations you should address to establish proper use of BYOD devices by your employees and any other parties that might have access to organization resources.

  • Require Passwords on All Devices Used for Company Work: I know you’re saying “no duh!” but there are still people out there who could be using older devices with older operating systems (especially with all of the additional remote access during the pandemic) that don’t require the device to be secured with a password. Most newer OSs require a password to be set for the device, so this may not happen that often, but you want to explicitly require passwords on all BYOD devices.  You may also want to establish a requirement for strength of passwords, when appropriate, and maximum amount of idle time for the device before it automatically locks.
  • Establish Lists of Approved and/or Banned Apps: Have you heard all of the recent concern about the app TikTok and privacy concerns? Last week, Amazon told workers to remove the app from their devices or risk losing access to company email, then apparently called that directive a “mistake.  Regardless of what you think of TikTok, there are apps out there that are known security risks.  Your IT department should stay up-to-date on which apps might be at risk, keep updated lists of banned apps within the organization and communicate those changes regularly.  Or consider even getting more restrictive by providing a list of approved apps (and a procedure for requesting apps to be evaluated for addition to the list).
  • Provide Security Software: To the extent that individuals are accessing company resources, they should be doing it through secured means. Securing access through a Virtual Private Network (VPN) or Remote Desktop Protocol (RDP) is a must for any resources not accessed through secured cloud platforms.  In addition, it’s a good idea to consider implementing a Mobile Device Management (MDM) solution to directly administer mobile devices to segment business data and use from personal data and use.
  • Establish a Policy for Use of BYOD Devices During Legal Holds: This is a “no, duh!” tip for eDiscovery professionals, but most people don’t even think about the potential for their BYOD device to contain unique data, even if instructed to preserve all data. The BYOD policy should, in general, explicitly state the rights for the organization to access the BYOD device, which should include the need to preserve and collect data during legal holds.  It also should cover things such as discontinuing auto deletion of texts and messages within messaging apps (which could even include discontinuing using ephemeral messaging apps if they don’t provide an option to keep the messages indefinitely) and coordinating with the organization before replacing your device to capture data from it first.
  • Force Acknowledgement of the Policy and Policy Updates: In other words, require employees (and anyone else with access to company resources) to sign a copy of the policy to acknowledge that they have read and understood the policy. You also may need to consider having them sign periodically to acknowledge significant updates to it as well.  Not only is it important to hopefully avoid incidents of evidence spoliation, but it also can at least illustrate that your organization has communicated and confirmed an understanding of the policy from individuals, which could be important to defend against significant sanction if spoliation does occur.

Examples of BYOD Policies

There are too many best practices to cover in one blog post, but there are several FREE examples of BYOD policies available on the web to provide ideas regarding what to cover in your organization’s BYOD policy.  They cover several additional best practices to address, including support, reimbursement of costs, handling of lost/stolen/damaged equipment and termination of employment.  Here are links to two of them, courtesy of SHRM and IT Manager Daily.  These and others can be terrific starting points for creating your own BYOD policy, but your policy should be unique to the needs and challenges of your particular organization and you should not only customize it to your needs, but evaluate it periodically and update it as necessary to ensure it continues to cover and protect your organization as much as possible.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

How to Get eDiscovery Redactions Right

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

For most people, redacted documents are the material of spy movies and political scandal. But here in the world of eDiscovery and FOIA requests, they’re a part of everyday life. But that doesn’t mean they’re to be taken lightly! Failure to redact documents or to make sure that redacted content is produced in its redacted format can be case ending (and job ending for the person responsible for the error).

The most common reason this happens, is because law firms and government agencies are taking the “redact by hand” route instead of using tools that properly manage productions to ensure documents meet the expected requirements, making sure the information meant to be kept private is hidden.

Even with redaction technology in place, some file types (like spreadsheet documents) can be difficult to redact, as we see in this week’s eDiscovery Blues™ comic. These challenging file types result in the litigation support or FOIA personnel using Microsoft Office and Adobe Acrobat to draw black boxes over the sensitive material, which is fine if the documents are going to be printed to hardcopy but doesn’t actually redact the digital information from the file.

In one 2019 grand jury filing, a member of the press was able to defeat these types of manually created redactions by simply copying the black-out boxes and pasting the text into a new document, which also brought over the text and metadata.

So how can you make sure redactions on digital documents are done correctly?

“That’s kind of the challenge: picking the right tool for the right job,” says Derek Miller, VP of Business Development at Ipro. “Anyone doing redactions and producing redacted documents needs to understand how these tools work and build measures into their processes to avoid this type of mistake. But mainly you want to make sure you have the right tools in your toolbox. Which means using software that’s specifically designed to redact and produce those redactions accurately.”

Here are a few things to look for in software to ensure accurately produced redactions:

  • Automatically re-OCRs documents to remove the text under the redaction
  • Runs validations to make sure the redactions are burned in and the text is correct
  • Creates layered redactions so multiple production sets can be sent to multiple parties

Along with those functions, some eDiscovery software has added protections which identify documents which may need another layer of review before they’re produced. It’s similar to when your email platform asks if you want to send without a subject line or asks if you’ve forgotten an attachment.

One example of this is Ipro’s Production Shield™, which identifies these documents during the validation phase of the export process, giving administrators the opportunity to correct conflicts and ensure only appropriate documents are produced.

The main thing to remember when dealing with Electronically Stored Information (ESI) is that what you see on the screen is only the surface of the existing data. The same goes getting redactions right for eDiscovery: Just because all you see is a black box, doesn’t mean everything that lies beneath has disappeared.

Ipro’s Production Shield™ is available on Ipro’s Enterprise™ and Desktop™ eDiscovery Solutions.

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery

ipro netgovern acquisition

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery  

Ipro Tech, LLC, the leader in eDiscovery, Case Management, and Trial technology, is excited to announce the acquisition of NetGovern, a leader in Information Governance, Risk, and Compliance software.

Joining these two global companies and their technologies will provide the most innovative workflow in the legal industry, extending across the entire Electronic Discovery Reference Model (EDRM) from Information Governance, to In-Place Early Data Assessment, through eDiscovery and beyond. The companies complement each other perfectly by combining Ipro’s 30-year legacy of focus on law firms, government, and legal service providers with NetGovern’s deep expertise in corporate verticals, including healthcare, public sector, financial services, manufacturing, and transportation.

Evolving market dynamics and customer needs around continued enterprise data growth were the main drivers for this combined effort. As concerns grow regarding compliance, security, and risk management, the significance of economic consequences presents the business impact of properly managed data through the eDiscovery process, and the customer benefit of an integrated solution spanning the entire EDRM becomes even more compelling.

Data is growing at an exponential rate, reaching over 175 zettabytes in the next few years. This growth drives unprecedented challenges across enterprises with concerns ranging from compliance to security to risk management, and ultimately eDiscovery. The economic impact of managing these issues, breaches, and judgements is also spiraling. As Ipro studied these factors with our customers, it became clear that an integrated solution spanning from information governance to discovery would be necessary.

The journey between Ipro and NetGovern began with the January 2020 announcement of a strategic partnership between the two companies, with a focus on the development of integrated capabilities to address rising challenges, allowing real-time access to multiple sources of unstructured enterprise data from one single interface. Those early efforts were so well received by customers that a merger of the companies became the next logical step to drive customer value.

The result of this acquisition empowers IT, HR, and Legal teams to make better informed decisions prior to collecting or duplicating Electronically Stored Information (ESI) from file shares; email servers like O365, Exchange, and Gmail; messaging and chat systems like Slack and Teams; cloud shares like Box and OneDrive; and other data sources, while combining Ipro’s best-in-class eDiscovery capabilitiesincluding data processing, enhanced visual analytics, and intuitive document review – creating the industry’s most flexible, scalable, and powerful eDiscovery experience.

With solutions extending across the entire EDRM – from Information Management and Governance, to Review and Production, and all points in between — legal teams will be able to perform investigations for litigation and internal matters, assess compliance and security risks, place and manage legal holds, defensibly preserve data, respond to subpoenas and public record requests, and ultimately work with outside counsel to prepare for settlement or trial, all while securely protecting enterprise data and intellectual property.

“We are thrilled to combine the strengths of these two companies,” shared Dean Brown, CEO at Ipro Tech, “and we are positioned to take a competitive advantage as the leader in Information Governance and eDiscovery by incorporating NetGovern’s solutions, people, and knowledge into the Ipro family. By integrating these technologies, we will empower corporations to gain control over their data and lower the costs related to data security, compliance, investigations and litigation through the use of in-place indexing and analysis, data connectors, smart collections, and advanced analytics.”

“Ipro and NetGovern have a tremendous amount of experience and synergy, capitalizing on our time in the industry, our solutions, and the customer base we serve,” said Pierre Chamberland, Founder & CEO of NetGovern. Chamberland added, “With all of the functionality, expertise, and development resources that both companies bring to the table, it’s the best time to join these two innovators.”

As of this announcement, Chamberland will transition into his new role as Chief Innovation Officer of Ipro.

Ipro is committed to working closely with their NetGovern colleagues to maintain and strengthen all the great things that NetGovern’s clients and partners love about them today.

With each release moving forward, clients of both solutions will see the benefits of integration with streamlined workflow options, ultimately resulting in the goal of providing a single, scalable solution to meet and exceed industry demands at all stages in the Information Governance and Litigation lifecycle.

 

About Ipro Tech, LLC:

Ipro is the global leader in eDiscovery technology used by legal professionals to streamline discovery of electronic data through presentation at trial. Ipro draws upon decades of innovation to deliver high-performance software, services, and support, flexibly deployed via Desktop, On-prem, Cloud, or Hybrid solutions, significantly reducing the cost and complexity of eDiscovery. For more information, visit https://www.iprotech.com/

About NetGovern:

NetGovern’s information archiving and governance software helps organizations solve data compliance, safeguard personal information, simplify eDiscovery and protect their reputation. Our all-in-one solution offers the fastest speed to value, lowest cost of ownership, and most secure visibility of sensitive information found in messages and files, independent of storage location. https://www.netgovern.com/

About ParkerGale:

ParkerGale Capital is a private equity fund based in Chicago that buys profitable, founder-owned software companies. ParkerGale also hosts the private equity industry’s only podcast, the PE FunCast on iTunes and Google Play. For more information, please visit http://www.parkergale.com/

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization

BYOD Case Law

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization
Written by Doug Austin, Editor of eDiscovery Today

If you follow my writing, you know that I cover a lot of case law – typically between 60 to 70 cases a year. When you do that, you notice certain trends that illustrate some of the challenges that organizations face today with regard to electronic discovery. One of the more common trends these days relates to cases related to mobile device data and the failure to preserve that data. Many organizations today support a Bring Your Own Device (BYOD) approach to employees and their mobile devices; however, many of them don’t have an effective policy or plan for addressing mobile device data when litigation hits.

Let’s take a look at three recent cases where failure to preserve mobile device data led to sanctions requests by requesting parties.

In DriveTime Car Sales Company, LLC v. Pettigrew, No.: 2:17-cv-371 (S.D. Ohio Apr. 18, 2019), Ohio Judge George C. Smith granted in part and denied in part the plaintiff’s motion for spoliation sanctions against defendant Pauley Motor, denying the plaintiff’s request for an adverse inference sanction by ruling that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent” when Bruce Pauley failed to take reasonable steps to preserve text messages when he switched to a different phone. However, he did note that “less severe sanctions are available to DriveTime under Rule 37(e)(1) upon a finding of prejudice.” Judge Smith also allowed the plaintiff to “introduce evidence at trial…of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages. DriveTime may argue for whatever inference it hopes the jury will draw.”

In NuVasive, Inc. v. Kormanis, No. 1:18CV282 (M.D.N.C. Mar. 13, 2019), North Carolina Magistrate Judge Patrick Auld granted the plaintiff’s motion for sanctions in part, giving the plaintiff additional time to depose and subpoena text messages from a key contact who indicated that he was unable to retrieve text messages beyond two months prior (but also refused to let the plaintiff inspect his devices). Judge Auld also recommended that, “because the record supports but does not compel a ‘finding that [Defendant Kormanis] acted with the intent to deprive [Plaintiff] of the [lost text messages’] use in the litigation, the Court submit that issue to the ‘jury, [with] the [C]ourt’s instruction[s] mak[ing] clear that the jury may infer from the loss of the [text messages] that [they were] unfavorable to [Defendant Kormanis] only if the jury first finds that [he] acted with the intent to deprive [Plaintiff] of the[ir] use in the litigation’”.

In Paisley Park Enter., Inc. v. Boxill, No. 17-cv-1212 (WMW/TNL), (D. Minn. Mar. 5, 2019), a case related to the late rock legend Prince, two defendants not only failed to disengage the auto-delete function on their phones, but they also each wiped and discarded their phone – one did it twice – since October 2017. Minnesota Magistrate Judge Tony N. Leung granted in part the plaintiffs’ Motion for Sanctions Due to Spoliation of Evidence, ordering the Rogue Music Alliance (“RMA”) Defendants to pay reasonable expenses, including attorney’s fees and costs, that Plaintiffs incurred as a result of the RMA Defendants’ “misconduct”, and also ordered the RMA Defendants to pay into the Court a fine of $10,000, but chose to defer consideration of adverse inference instruction sanctions to a later date, closer to trial.

As you can see, failing to preserve data from mobile devices led to various levels of sanctions against the spoliating parties, not to mention the effort it took to defend themselves against even more significant sanctions. Here are two considerations that you need to keep in mind to avoid the same issues that these parties encountered:

  • BYOD Policy: Many organizations support employees’ ability to use BYOD devices, but a lot of them don’t have a formal policy regarding the use and management of those devices, which includes an employee’s duty to preserve mobile device data when litigation hits. Organizations need a clear BYOD policy that emphasizes the rights of the organization and the responsibilities of the employees using BYOD devices for company use, including those associated with preservation and collection of mobile device data. (Check out this post on BYOD policies from Ipro’s eDiscovery Blues series).
  • Litigation Hold Notices: Litigation hold notices need to be extended to enforce preservation of mobile device data, including instructions to suspend any auto-deletion of text messages (as well as messages from other messaging apps) and spell out the responsibilities to preserve data from mobile devices before discarding those devices.

Just because a device is owned by an employee doesn’t mean there is any less responsibility for that employee to take appropriate steps to preserve that data during litigation. Organizations need to take control of that challenge by implementing a formal BYOD policy and ensure litigation hold notices clearly spell out the duty of custodians to extend preservation to their BYOD devices.

Next week, I’ll discuss best practices associated with BYOD policies. My first Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

3 Challenges Corporate Legal Teams Face With BYOD

corporate legal BYOD

 

3 Challenges Corporate Legal Teams Face With BYOD

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Today’s eDiscovery Blues comic highlights several challenges In-House legal teams might face when working with data in the face of litigation, starting with the sinking feeling that comes when you ask yourself, “Is the I.T. department being sarcastic?” That’s part of the humor here, but the answer given about simply having everyone use Snapchat as a solution for employees using their personal mobile devices for work (Bring Your Own Device or BYOD) raises several points worth discussing.

Corporate Legal Challenge #1: Mobile Devices, eDiscovery & BYOD

Mobile devices can be difficult when it comes to eDiscovery for many reasons. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly (read this example from recent case law for more on the pros and cons of imaging entire mobile devices).

That’s why it’s important to have policies in place to determine how mobile devices are used for business purposes, which is exactly what Rick Compliance, eDiscovery manager, was trying to do when he called I.T. above.

Corporate Legal Challenge #2: Social Media / Chat, eDiscovery & BYOD

Messaging platforms (e.g. Slack, Teams, What’s App) and social media (e.g. Facebook, Instagram, LinkedIn, Snapchat) go hand in hand with mobile devices, and we all know that business is conducted across multiple platforms and devices, sometimes simultaneously. Gaining insight into the ESI created by these can be difficult.

With social media, data can usually be requested from the source company (For example, Instagram has a data request form in its Privacy and Security settings), and chat files can be exported, but both of these can be difficult to put into a review-ready format, losing the context of the conversations held within them. And these new data sources continue to grow and be used in interesting ways, as this recent case shows: Etsy Post Leads to Arrest of Cop Car Arson Suspect in Philly.

Knowing if these platforms are a potential source of data for your organization should litigation arise is vital. Having policies in place around their use for business and alignment between Legal and I.T. should this data need to be collected is ideal.

Corporate Legal Challenge #3: Avoiding Sanctions for Mobile Data Spoliation, Including Ephemeral Data

Finally, the notion of a company telling employees to use ephemeral data messaging as part of their BYOD policy isn’t so far-fetched. And it can lead to sanctions.

In a recent case, WeRide Corp. v. Huang et al. (N.D. Cal. Apr. 24, 2020), the defendants were sanctioned under FRCP Rule 37, because they directed employees of their company AllRide to communicate using the application DingTalk internally. The CEO testified, he felt it was “more secure” than other messaging platforms; however, DingTalk allows for “ephemeral messages” that automatically delete after they have been sent and read (much the same as Snapchat, mentioned in the cartoon above).

The court’s ruling stated, “AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees after the preliminary injunction issued. This practice of destroying potentially discoverable material shows both willfulness and bad faith. Based on these undisputed facts, the Court finds it appropriate to issue terminating sanctions.”

Conclusion

Mobile Data is no joke and having alignment between Legal, IT, Compliance and other stakeholders is a must before litigation arises. Without clear policies in place, there are so many ways mobile data can quickly become a problem.

For more insights into your organization’s data landscape, Download the Ipro Pre-Litigation Data Inventory Checklist now!

Ipro Pre-Litigation Data Checklist

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series

Ipro Virtual Administrator Training

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series
Written by Julie Badger, Product Learning Experience Manager, Ipro

While it may be summer, the time for learning doesn’t stop, and we here at Ipro are focusing our energy on helping our customers get the most out of their Ipro products with Ipro training courses.

The Ipro training team has built a solid body of training materials and courses targeted to meet the needs of adult learners where they are. You might wonder, “What’s so different about adult learners?” Well, research shows that adult learners learn differently, have different motivations, and different educational needs which must be addressed:

  • Adult learners draw on their past experiences to inform their current learning objectives.
  • Adult learners are goal oriented, targeted learners who narrow their learning objectives to only what is most relevant and applicable.
  • Adult learners are also very self-directed and learn more by practicing and doing than by rote memorization.

With adult-learning theory in mind, we’ve adapted our former in-house training courses and made them available in in virtual web-series format. The beauty of this adapted course curriculum is that it gives the learner the ability to grasp the concepts by following along during the lecture-based training. Then, separately, learners can go work on the practice exercises and homework to deepen their understanding of the materials in the context of their own software implementation. The combination of lecture-based learning with self-guided learning can really help cement the core concepts in a learner’s brain.

At Ipro we’re committed to educational excellence and would love to help you meet your education goals in 2020.

If you book an open session for the Ipro Virtual Administrator Training Series
any time between June 1st and July 31styou can receive a 20% discount on the course fee:
Use the promo code SUMMER20 when you sign up. 

Click Here for More Information — We hope you’ll join us!